HomePentest-Tools.com Logo

Foxit Reader Arbitrary Code Execution Vulnerability (Linux) CVE-2016-8856

Severity
CVSSv3 Score
7.8
Vulnerability description

Foxit Reader is prone to an arbitrary code execution vulnerability.

Risk description

The flaw exists due to Foxit Readers core files are world-writable by default. Successful exploitation will allow remote attackers to overwrite core files with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.

Recommendation

Upgrade to Foxit Reader version 2.2.1025 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 31, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available